/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/**
* Test that all ciphersuites work in all versions and all client
* authentication types. The way this is setup the server is stateless and
* all checking is done on the client side.
*
* The test is multithreaded to speed it up, especially on multiprocessor
* machines. To simplify debugging, run with -DnumThreads=1.
*
* @author Andreas Sterbenz
*/
public class CipherTest {
// use any available port for the server socket
final int THREADS;
// assume that if we do not read anything for 20 seconds, something
// has gone wrong
this.cipherTest = cipherTest;
}
public abstract void run();
boolean newline = false;
while (true) {
if (ch < 0) {
throw new EOFException();
}
if (ch == '\r') {
// empty
} else if (ch == '\n') {
if (newline) {
// 2nd newline in a row, end of request
break;
}
newline = true;
} else {
newline = false;
}
}
}
}
}
public static class TestParameters {
String clientAuth) {
this.cipherSuite = cipherSuite;
this.clientAuth = clientAuth;
}
boolean isEnabled() {
}
if (clientAuth != null) {
}
return s;
}
static enum TLSCipherStatus {
// cipher suites supported since TLS 1.2
// cipher suites obsoleted since TLS 1.2
// cipher suites obsoleted since TLS 1.1
// ignore TLS_EMPTY_RENEGOTIATION_INFO_SCSV always
// the cipher suite name
// supported since protocol version
final int supportedSince;
// obsoleted since protocol version
final int obsoletedSince;
int supportedSince, int obsoletedSince) {
this.cipherSuite = cipherSuite;
this.supportedSince = supportedSince;
this.obsoletedSince = obsoletedSince;
}
if (versionNumber < 0) {
return true; // unlikely to happen
}
return false;
}
return true;
}
}
return true;
}
int versionNumber = -1;
switch (protocol) {
case "SSLv2Hello":
versionNumber = 0x0002;
break;
case "SSLv3":
versionNumber = 0x0300;
break;
case "TLSv1":
versionNumber = 0x0301;
break;
case "TLSv1.1":
versionNumber = 0x0302;
break;
case "TLSv1.2":
versionNumber = 0x0303;
break;
default:
// unlikely to happen
}
return versionNumber;
}
}
}
private boolean failed;
continue;
}
if ((clientAuth != null) &&
// no client with anonymous ciphersuites
continue;
}
clientAuth));
}
}
}
}
synchronized void setFailed() {
failed = true;
}
for (int i = 0; i < THREADS; i++) {
try {
"Client " + i);
} catch (Exception e) {
e.printStackTrace();
return;
}
}
try {
for (int i = 0; i < THREADS; i++) {
}
} catch (InterruptedException e) {
setFailed();
e.printStackTrace();
}
if (failed) {
"' failed ***");
} else {
"' completed successfully");
}
}
if (failed) {
return null;
}
if (testIterator.hasNext()) {
}
return null;
}
return factory;
}
this.cipherTest = cipherTest;
}
public final void run() {
while (true) {
// no more tests
break;
}
continue;
}
try {
} catch (Exception e) {
e.printStackTrace();
}
}
}
while (true) {
if (ch < 0) {
break;
}
}
}
}
}
// for some reason, ${test.src} has a different value when the
// test is called from the script and when it is called directly...
return ks;
}
throws Exception {
} else {
}
secureRandom = new SecureRandom();
trustManager = new AlwaysTrustManager();
"Server");
serverThread.setDaemon(true);
cipherTest.run();
}
static abstract class PeerFactory {
// skip kerberos cipher suites
return false;
}
// skip SSLv2Hello protocol
return false;
}
// ignore exportable cipher suite for TLSv1.1
return false;
}
}
return true;
}
}
}
// we currently don't do any chain verification. we assume that works ok
// and we can speed up the test. we could also just add a plain certificate
// chain comparision with our trusted certificates.
public AlwaysTrustManager() {
}
throws CertificateException {
// empty
}
throws CertificateException {
// empty
}
return new X509Certificate[0];
}
}
this.keyManager = keyManager;
}
}
return null;
}
}
return null;
}
}
return null;
}
}
throw new UnsupportedOperationException("Servers not supported");
}
throw new UnsupportedOperationException("Servers not supported");
}
throw new UnsupportedOperationException("Servers not supported");
}
}
}
}
t.setDaemon(true);
return t;
}
}